﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

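/// <summary>
/// Code-behind for the change-password page. Reads the signed-in user's key and
/// permission level from session state, checks the old password against
/// <c>tb_User</c>, and writes the new one.
/// </summary>
/// <remarks>
/// NOTE(review): the queries compare and store <c>UserPwd</c> exactly as typed, so
/// the table appears to hold plaintext passwords. Moving to a salted, slow hash
/// (for example PBKDF2) needs a data migration and a matching change in the login
/// code, neither of which is visible here, so it is flagged rather than changed.
/// Because the comparison happens inside SQL, it also follows the column's
/// collation and may be case-insensitive; confirm against the schema.
/// </remarks>
public partial class ModifyPwd : System.Web.UI.Page
{
    // Key of the signed-in user, taken from Session["employeeID"]; null when absent.
    string employID;
    // Permission level from Session["permissions"]; "1" selects the ID column, anything else EID.
    string permissions;

    /// <summary>
    /// Copies the caller's identity out of session state on every request.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        // A missing session entry (expired or never signed in) is left as null here
        // and rejected in Button1_Click instead of dereferencing null.
        employID = ReadSessionValue("employeeID");
        permissions = ReadSessionValue("permissions");
    }

    /// <summary>
    /// Validates the form, verifies the old password and stores the new one.
    /// The outcome is reported through <c>Label1</c>.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Button1_Click(object sender, EventArgs e)
    {
        // Refuse to touch the database when the caller's identity is unknown.
        if (string.IsNullOrEmpty(employID) || string.IsNullOrEmpty(permissions))
        {
            Label1.Text = "登录已过期，请重新登录！";
            return;
        }

        if (string.IsNullOrEmpty(txt_oldPwd.Text))
        {
            Label1.Text = "旧密码不允许为空！";
            return;
        }

        if (string.IsNullOrEmpty(txt_newPwd1.Text))
        {
            Label1.Text = "新密码不允许为空！";
            return;
        }

        if (txt_newPwd1.Text != txt_newPwd2.Text)
        {
            Label1.Text = "两次密码输入不一致，请重新输入！";
            return;
        }

        // Column names cannot be bound as parameters, so the key column is chosen
        // from two fixed literals and never from request or session text.
        string keyColumn = permissions != "1" ? "EID" : "ID";

        try
        {
            using (SqlConnection conn = CreateConn())
            {
                conn.Open();

                // Form and session values are bound as parameters. Concatenating them
                // into the statement let a crafted password rewrite the WHERE clause.
                // The column types are not visible from this file: NVarChar with an
                // inferred length is used; tighten the type and size to the schema.
                string selectSql = "select count(*) from tb_User where UserPwd=@oldPwd and " + keyColumn + "=@userKey";
                using (SqlCommand selectCmd = new SqlCommand(selectSql, conn))
                {
                    selectCmd.Parameters.Add("@oldPwd", SqlDbType.NVarChar).Value = txt_oldPwd.Text;
                    selectCmd.Parameters.Add("@userKey", SqlDbType.NVarChar).Value = employID;

                    int matches = Convert.ToInt32(selectCmd.ExecuteScalar());
                    if (matches <= 0)
                    {
                        Label1.Text = "旧密码错误，请重新输入！";
                        return;
                    }
                }

                string updateSql = "update tb_User set UserPwd=@newPwd where " + keyColumn + "=@userKey";
                using (SqlCommand updateCmd = new SqlCommand(updateSql, conn))
                {
                    updateCmd.Parameters.Add("@newPwd", SqlDbType.NVarChar).Value = txt_newPwd1.Text;
                    updateCmd.Parameters.Add("@userKey", SqlDbType.NVarChar).Value = employID;
                    updateCmd.ExecuteNonQuery();
                }
            }

            Label1.Text = "修改成功！";
        }
        catch (Exception ex)
        {
            // Previously the failure was swallowed and the user saw nothing. Record
            // it for operators and show a generic message; the statement text holds
            // only parameter names, so no password reaches the trace output.
            System.Diagnostics.Trace.TraceError("ModifyPwd: password update failed: " + ex);
            Label1.Text = "修改失败，请稍后重试！";
        }
    }

    /// <summary>
    /// Returns the session entry for <paramref name="key"/> as a string,
    /// or null when the entry is absent.
    /// </summary>
    private string ReadSessionValue(string key)
    {
        object value = Session[key];
        return value == null ? null : value.ToString();
    }

    /// <summary>
    /// Builds an unopened connection from the "ConStr" connection string in the
    /// application configuration. The caller owns and disposes the connection.
    /// </summary>
    /// <returns>A new, closed <see cref="SqlConnection"/>.</returns>
    private SqlConnection CreateConn()
    {
        string connStr = ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString;
        return new SqlConnection(connStr);
    }
}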